profile
viewpoint

Ask questionsContent Security Policy seemingly absent from new instance

From https://github.com/mozilla/hubs/discussions/2994

After changing the admin settings for content-src and script-src I am seeing CORS errors even after deleting an instance and creating a fresh new one. (Param store has been untouched by me)

Example error below:

Refused to prefetch content from 'https://bp-hubs-main-assets.brokenplace.com/spoke/assets/js/vendors~package-kit-page~project-page-f6be3132b65e15548183.js' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'prefetch-src' was not explicitly set, so 'default-src' is used as a fallback.

Also from the discussion, prior to a fresh instance, I was seeing

Content Security Policy: The page’s settings blocked the loading of a resource at https://bp-hubs-assets.<internaldomain>.com/...

You can see the error in Spoke or in a room at the following Hubs Cloud instance: https://hubs.broken.place

The above instance is currently in line with the hubs-cloud branch.

mozilla/hubs-cloud

Answer questions antpb

I notice that my internal domain is not in the new stacks Cors params. Should it be? Here’s what it looks like currently

CorsOrigins https://hubs.broken.place,https://bpxr.link,https://hubs.local:8080,https://localhost:8080
useful!

Related questions

No questions were found.
source:https://uonfu.com/
Github User Rank List